Compendium CE trainings
Attacking and application protection

Training is dedicated to Project Leaders, application designers and programmers, as well as IT security administrators. Its purpose is to broaden the participants' knowledge of IT security issues, in order to make them aware of the vulnerabilities they may possibly create in an application during the programming process. Training will present whole range of contemporary attack methods, as well as how to prevent an application from being attacked. Security issues of web applications, which are accessed by internet browser, will be emphasized. Being aware of possible applications' vulnerabilities will help the participants to design more secure code.
2 days

1.        Introduction; short description of applications' architecture
2.        Review of risks and recommendations referring to application's protection

• Detailed threats to applications' architecture
• Trivial vulnerabilities
• No service of errors either special situations
• Manipulations on parameters
• Methods of sniffing and alteration of transmission
• Path traversal
• SQL injection
• Session hijacking
• Cross-site scripting
• Session fixation
• Buffer overflow
• Format strings
• Attacks on encrypting protocols

3.        Best practice in programming - how to make it secure (summary and systematization)
4.        Short review of protecting the applications beside the programming process

• Compiler level protection
• System kernel level protection
• Application firewalls and IPSs
• Case study session

Training will include a workshop session dedicated to trying out some of the presented attack methods. To illustrate the lecture part of training, some special application modules, deliberately vulnerable to particular attacks, will be used.
Basic knowledge of:

• applications' architecture
• work of web applications
• HTTP protocol

The participants will obtain certificates signed by Compendium - Education Center.
Krakow - 5 Tatarska Street, II floor, hours: 9:00 am - 4:00 pm
Warsaw - 17 Bielska Street, hours: 9:00 am - 4:00 pm
Compendium's trainer
Please feel free to contact us by phone or by form below to get actual price for this training.

• Design and Implementation of the Security Policy according to ISO/IEC 17799 norm
• Penetration Testing Course - Hacking Methodology
• Attack Detection, Evidences Collection and Intrusion Preventions Course
• Incident within IT environment, computer crime law and regulation
• Incident within IT environment, digital evidence
• Incident within IT environment, computer forensic
• Attacking and application protection
• Wireless Network Security
• MPLS Introduction
• ATM Introduction
• IP over ATM
• GSM/GPRS/EDGE Introduction

• BlueCoat: Blue Coat Director Course
• BlueCoat: Blue Coat WAN Acceleration Professional (BCWAP) Course
• Fortinet: FortiMail Email Filtering
•   New trainings: RSS Feed »